Using 7z for strong encryption in ZIP
files

Abstract

Some situations may require strong encryption in ZIP files, but
the common zip utility available on
GNU systems does not
support strong encryption. Thankfully, 7-Zip
and P7ZIP are Free Software projects that
fill this niche. This essay provides a brief overview of how to find and
use 7z, which both projects provide, for this
purpose.

I recently came across a situation where a particular vendor (in this
case, the ACCNCDR®
CathPCI Registry® submission process) required submitting ZIP archives with
AES-256
encryption. I thought they meant creating a ZIP archive, and then encrypting
it with AES-256. I burned a fair bit of time before I realized that what
they really wanted was this special type of ZIP archive with its own strong
encryption. I burned through even more time finding a piece of Free Software
that I could use to create these encrypted ZIP archives:
7-Zip.

Conveniently, there is also a port of 7-Zip
for non-Windows systems called P7ZIP that I could
use under Linux. It was not installed by default on my Linux system, but I
could select it from my package manager. If it is not available in your
package manager, you can easily install it from a source or binary package,
which are available from the P7ZIP
SourceForge page.

Using P7ZIP is easy, although invoking it
is a bit idiosyncratic when compared with most GNU utilities. Here is how I created a ZIP archive with
integrated AES256 encryption, based on a passphrase:

The first argument is the subcommand; in this case it is
a, which adds items to a (potentially new) archive. Note
how option arguments must be included immediately after
the option, which is why both the -p option and the
corresponding passphrase are together placed in quotes, so that the
passphrase can contain special characters. Full
documentation is included with the application, and is referenced
from its man page; please see that documentation for a
full list of available subcommands and options.